> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Delegated 1/2: Dfns API using a service account

> Building your own app? Learn how to consume the Dfns APIs using a service account for server-to-server access without a human user.

Once you have registered in your Dfns org and invited your Users, the next step is to create a Service Account, which you can think of as a machine user. For more details on what service accounts are and when to use them, please refer to [service-account-management](/api-reference/auth/service-accounts).

<Steps>
  <Step title="Prepare a key pair">
    Your service account will need its own key pair to sign its requests. The easiest way to create a Public / Private Key pair is from the command line. You can use the commands shown below or see our [documentation on key generation](/guides/developers/generate-a-key-pair):

    ```sh theme={null}
    # Generate RSA Private Key
    openssl genrsa -out rsa2048.pem 2048
    # Generate the Public Key
    openssl pkey -in rsa2048.pem -pubout -out rsa2048.public.pem
    ```
  </Step>

  <Step title="Create the Service Account">
    Navigate to Settings > Developers > Service Accounts and click "New Service Account". Name the Service Account, copy in the public key (including begin/end lines like `-----BEGIN PUBLIC KEY-----`), click “Create” and 🔑 sign the action with your passkey.

    <Frame>
      <img src="https://mintcdn.com/dfns-6d8c7466/C-QxugfNcolBADI3/images/nonCustody01.png?fit=max&auto=format&n=C-QxugfNcolBADI3&q=85&s=bdbf13525ae671e8d7ac8794d728ca34" alt="" width="2220" height="1630" data-path="images/nonCustody01.png" />
    </Frame>
  </Step>

  <Step title="Store your Service Account authentication token">
    The last page shows the masked Service Account JWT. Copy it to a secure location before leaving the page.

    <Warning>
      The token will not be shown later!
    </Warning>

    <Frame>
      <img src="https://mintcdn.com/dfns-6d8c7466/C-QxugfNcolBADI3/images/nonCustody02.png?fit=max&auto=format&n=C-QxugfNcolBADI3&q=85&s=f0c573430e219e49f88cb37d32a3f8e3" alt="" width="2236" height="1646" data-path="images/nonCustody02.png" />
    </Frame>
  </Step>

  <Step title="Use the Service Account">
    You now have:

    * A Service Account Token: use it for [authentication](/api-reference/auth/) in all your API requests.
    * A Private/Public key pair: use it to [sign your action](/api-reference/auth/signing-flows) requests.
  </Step>
</Steps>

<Check>
  Congratulations! You can now make server-side API calls using your service account. Now start building your app using [our TypeScript SDK](/sdks/backend/typescript) or [Python SDK](/sdks/backend/python). For a complete example, see [the Service Account sample app](https://github.com/dfns/dfns-sdk-ts/tree/m/examples/sdk/service-account).
</Check>

This service account will next be used to log your customers (end-users) in and let them create their own wallets on your organization in <Icon icon="7" />[Delegated 2/2: customer login and delegated wallets](/introduction/quickstart/7-non-custody-2-2-customer-login-and-delegated-wallets)